INTRODUCTION
============

Adding a feature to the kernel is not something free: it must have some interest. I will try to explain here the reasons why I am posting a new bag of code.

I studied the security of Tizen 3 [1] and modestly participated in it. Tizen 3 uses Smack as its security background. But managing API level authorisation with Smack is neither simple nor very efficient. The current implementation uses a component named "cynara" [2] to record (database) the authorisations (aka privileges) of applications. Called services can check whether an instance of an application has or not the authorisation for a given user.

Before cynara came on the scene, I made some studies. One of them tried to implement a keyring of authorisations using fuse [3]. This was interesting research but it had big issues. The biggest being that it cannot follow the application's lifecycle: clone, exec, exit... These issues merely disappear when the keyring of authorisations is managed by an LSM (Linux Security Module).

I submit here this "sub"-module of Smack. I did not use the word "authorisation" but just the word "tag". The reason is that the submodule can be used for any purpose.

HOW TO ACTIVATE IT?
===================

It is a sub-module of Smack and it can be activated/deactivated in the config using CONFIG_SECURITY_SMACK_TAGS.

WHAT IS IT DOING?
=================

Each process or thread receives a list of tags. This list can be empty. These tags are copied (this is not shared) during 'clone' and mostly kept during 'exec'.

By default:

 - processes can NOT remove any tags from themselves
 - processes can NOT add any tag to themselves
 - processes can NOT alter the tags of other processes
 - processes lose their tags during 'execve'
 - processes can read tags of other processes when DAC/MAC allows it

But some rules allow:

 - authorised processes can remove tags
 - authorised processes can add tags
 - authorised processes can alter other processes' tags
 - authorised processes can keep their tags during 'exec'

More accurate details are in the commit message.

WHAT IS THE IDEA BEHIND?
========================

An authorised process can add a tag X to itself or to another process.
Later, another process can check whether a process has or not the tag X to adapt its behaviour. The mechanisms given here allow either a centralized service for tagging processes or a fork/exec model.

Such a module can easily be used as part of a cynara-like authorisation system.

LINKS
=====

[1] https://wiki.tizen.org/wiki/Security
[2] https://wiki.tizen.org/wiki/Security/Tizen_3.X_Cynara
[3] https://github.com/jobol/keyzen

José Bollo (1):
  Smack: adding Smack-Tags subsystem

 fs/proc/base.c | 3 +
 security/smack/Kconfig | 8 +
 security/smack/Makefile | 1 +
 security/smack/smack.h | 7 +
 security/smack/smack_lsm.c | 39 +++
 security/smack/smack_tags.c | 641 ++++++++++++++++++++++++++++++++++++++++++++
 security/smack/smack_tags.h | 40 +++
 7 files changed, 739 insertions(+)
 create mode 100644 security/smack/smack_tags.c
 create mode 100644 security/smack/smack_tags.h

--
2.1.4
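
The default rules listed under "WHAT IS IT DOING?" above, as a small user-space model. This is an added example, not code from the patch: struct task, the CAN_* authorisation bits and the tag_* helpers are hypothetical, and requiring both the add/remove bit and CAN_ALTER_OTHERS to change another task is an assumption.

```c
/* User-space model of the tag rules above; NOT the patch's code.
 * struct task, the CAN_* bits and the tag_* helpers are hypothetical. */
#include <stdio.h>
#include <string.h>

#define MAX_TAGS 8
#define TAG_LEN  32
enum { CAN_ADD = 1, CAN_REMOVE = 2, CAN_ALTER_OTHERS = 4, CAN_KEEP_ON_EXEC = 8 };

struct task {
    unsigned auth;                 /* assumed encoding of "authorised" */
    int ntags;
    char tags[MAX_TAGS][TAG_LEN];
};

static int tag_find(const struct task *t, const char *tag) {
    for (int i = 0; i < t->ntags; i++)
        if (strcmp(t->tags[i], tag) == 0) return i;
    return -1;
}
int tag_has(const struct task *t, const char *tag) { return tag_find(t, tag) >= 0; }

/* Default deny: the actor needs `need`, plus CAN_ALTER_OTHERS for another task. */
static int allowed(const struct task *actor, const struct task *target, unsigned need) {
    if (actor != target) need |= CAN_ALTER_OTHERS;
    return (actor->auth & need) == need;
}
int tag_add(const struct task *actor, struct task *target, const char *tag) {
    if (!allowed(actor, target, CAN_ADD)) return -1;
    if (tag_has(target, tag)) return 0;
    if (target->ntags == MAX_TAGS || strlen(tag) >= TAG_LEN) return -1;
    strcpy(target->tags[target->ntags++], tag);
    return 0;
}
int tag_remove(const struct task *actor, struct task *target, const char *tag) {
    int i = tag_find(target, tag);
    if (!allowed(actor, target, CAN_REMOVE) || i < 0) return -1;
    memmove(target->tags[i], target->tags[--target->ntags], TAG_LEN);
    return 0;
}
/* clone: the child gets its own copy of the list, never a shared one. */
struct task task_clone(const struct task *parent) { return *parent; }
/* execve: tags are dropped unless the task is authorised to keep them. */
void task_exec(struct task *t) { if (!(t->auth & CAN_KEEP_ON_EXEC)) t->ntags = 0; }

int main(void) {
    struct task svc = { .auth = CAN_ADD | CAN_ALTER_OTHERS }, app = { 0 };
    printf("self-add by app: %d\n", tag_add(&app, &app, "camera")); /* constructed tag */
    printf("add by service:  %d\n", tag_add(&svc, &app, "camera"));
    struct task child = task_clone(&app);
    task_exec(&app);
    printf("after exec: app=%d child=%d\n", tag_has(&app, "camera"), tag_has(&child, "camera"));
    return 0;
}
```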